Firefox defends itself: Everything done right, just poorly communicated

Contents

Firefox CTO Bobby Holley has commented in detail on the accusations of accessing user data through the back door. Even though he admits that Mozilla should have explained the function called Privacy-Preserving Attribution (PPA) better, he basically defends the course that has now been taken.

First, Holley passes the buck to the advertising industry: Today, the Internet is a massive surveillance network; advertising providers have an enormous economic interest in circumventing any countermeasures. Even if Firefox had relied on such anti-tracking functions in the past, it is now clear that such an arms race cannot be won. In addition, they had only protected the privacy of Firefox users – and Mozilla wanted to improve the privacy of everyone.

Privacy not just for individual users

Holley also comments on the fact that the PPA is an opt-out feature that users have to deactivate separately. He believes that most users would simply accept the default settings without seeing them. Furthermore, this would present the problem of privacy as one of individual responsibility: While knowledgeable users would be satisfied in this way, the privacy of most users would remain compromised.

Consequently, the only option would be to introduce a system by default that would allow the advertising industry to achieve its goals, but at the same time would not collect any personal data. Accordingly, the PPA approach is a fundamental improvement over the current Internet. The fact that Mozilla cooperated with Meta on the PPA is the best proof of this: if these two companies are happy with the result, the goal must have been successfully achieved.

Hardly any functions so far

He also commented on the technical details: firstly, the PPA would not be based on Anonym. This developer was taken over by Mozilla a few weeks ago and also wants to unite the advertising industry with protected privacy. Rather, the W3C has been working on such a concept for several years within the framework of the PATCG, on which the PPA is now based – nevertheless, the function introduced in Firefox 128 is still quite limited. It also makes no compromises in terms of privacy, as some of the best encryption experts have confirmed. Holley points out that critics should test the current implementation for themselves. It can be found as an experiment on GitHub.

As it is a prototype, the PPA only works with Firefox at the start and only with a few test pages. The current aim is to check the technical status of the company name. They only want to take measurements – specifically aggregated figures on impressions and conversions – and are not planning to target users.

Criticism of default settings

Holley believes that the PPA can protect user privacy better than many other previous functions. And in contrast to many other proposals relating to data protection, the PPA would meet the high standards for default settings in Firefox. Those who fundamentally distrust web advertising can disable the feature as usual - users can continue to configure their browser as they wish. But requests for approval for new functions are user-hostile and would distract from better default settings; he does not believe that such a dialog would have been an improvement.

He fires back by saying that the advertising industry would remain in any case, but with the right measures, user surveillance could disappear. Technology such as PPA would enable companies to stop tracking users. And those who don't could be targeted all the more aggressively by browser developers and government regulation.

Advertising remains anyway

In summary, Holley sees the PPA as a mixture of a necessary evil against the advertising industry and business-friendly privacy. However, he does not go into whether and how Mozilla would benefit from such a network as a possible middleman - one of the main points of criticism after all. And even though he prioritizes the security of the current implementation, he does not explicitly address the fact that user data will always leave the system even with the PPA.

The statement can be found in a long thread on Reddit. In the update overview for the new Firefox published at the same time, however, there is no reference to the PPA - but to how Firefox protects user data from AI training, for example.

(fo)